Description

The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, related to the retrieveCacheFirst and useLocalCache functions.

Remediation

References

CVE-2014-5459

Related Vulnerabilities

WordPress 4.6.x Denial of Service Vulnerability (4.6 - 4.6.10)

Oracle Database Server CVE-2014-0377 Vulnerability (CVE-2014-0377)

Dotclear Other Vulnerability (CVE-2007-3688)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-6728)

Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability (CVE-2022-23646)

Severity

Low

Classification

CVE-2014-5459 CWE-59

Tags

Missing Update Known Vulnerabilities